| |
| |||||||
Log-Analyse und Auswertung: Cyer police SperreWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.11.2012, 13:52
| #1 |
| |  Cyer police Sperre Ich habe heute morgen den Polizei Trojaner, der hier chon mehrfach erwähnt wurde, eingefangen. Ich habe auch schon mit Hilfe von OTL einen Scan durchgeführt. Hilfe, wie geht es nun weiter??? Hier die LOG daten:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/15/2012 1:04:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.33 Gb Total Space | 211.08 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 325.13 Gb Free Space | 54.54% Space Free | Partition Type: NTFS
Drive J: | 13.84 Gb Total Space | 1.95 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/07/20 07:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011/11/23 07:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/12 08:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/27 12:46:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 14:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/09 13:26:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/19 11:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/06/07 12:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/15 06:03:00 | 000,040,960 | ---- | M] () [Auto] -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/29 08:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/01 04:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 04:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 04:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 04:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/04/22 15:53:22 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 15:53:22 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 11:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/03/26 15:15:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/08 11:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/11/23 21:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/25 11:04:46 | 000,384,616 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/09/16 10:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/08/28 14:21:28 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/05/15 08:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010/03/15 03:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010/03/15 03:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010/03/15 03:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2010/03/15 03:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010/03/15 03:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2009/10/20 11:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 01:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/04/06 02:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 02:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/19 13:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008/11/04 18:34:10 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/10/21 02:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 02:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 02:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 02:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 02:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 02:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 02:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/07/07 07:13:28 | 000,587,264 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630.sys -- (SPC630)
DRV:64bit: - [2008/07/07 07:13:28 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630m.sys -- (SPC630m)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2012/11/15 03:19:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/15 03:19:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 03:32:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 11:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/07 21:35:01] [Kernel | Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\Admin_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\19\NP_wtapp.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/01 06:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/11/15 06:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/06 16:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 12:46:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/16 06:43:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/05 07:58:13 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/10/16 06:43:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/16 06:43:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/16 06:43:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/28 12:47:51 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/10/16 06:43:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/16 06:43:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\Admin_ON_C..\Run: [Facebook Update] C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Admin_ON_C..\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe ()
O4 - HKU\Admin_ON_C..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe (Symantec Corporation)
O4 - HKU\Admin_ON_C..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Default User\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15:64bit: - Admin_ON_C\..Trusted Domains: //@surf.mar@/ ([]money in Lokales Intranet)
O15:64bit: - Admin_ON_C\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15:64bit: - UpdatusUser_ON_C\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/11/15 04:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\juesofuqzenvnac
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/10 07:39:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/11/10 07:39:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/11/10 07:39:32 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/11/10 07:39:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/11/10 07:39:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/11/10 07:39:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/11/10 07:39:31 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/11/10 07:39:30 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/11/10 07:39:27 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/11/10 07:39:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/11/10 07:39:26 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/11/10 07:39:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/11/10 07:39:25 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/11/10 07:39:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/11/10 07:39:18 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/11/10 07:39:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/11/10 07:39:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/11/10 07:39:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/11/10 07:39:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/11/10 07:39:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/11/10 07:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/11/10 07:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/09 03:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/09 03:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 18:05:59 | 000,000,000 | ---D | C] -- D:\UseNeXT
[2012/11/06 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2012/10/29 08:00:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012/10/27 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012/10/25 08:00:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/24 21:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 11:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/19 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/15 06:46:04 | 001,597,552 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/11/15 06:46:04 | 000,685,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/15 06:46:04 | 000,643,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/15 06:46:04 | 000,150,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/15 06:46:04 | 000,123,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/15 06:46:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 06:39:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 06:39:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 06:38:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 06:38:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/11/15 06:38:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/15 04:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 04:30:02 | 000,076,360 | ---- | M] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/15 04:29:56 | 000,062,976 | ---- | M] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 17:16:25 | 006,220,479 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Admin-Scheduled.job
[2012/11/14 04:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/10 07:32:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 12:55:22 | 000,000,818 | ---- | M] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/11/06 18:05:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/10/25 08:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/24 21:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 15:53:26 | 952,709,964 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/23 11:35:27 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\Cache.db
[2012/10/23 11:12:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/15 04:30:01 | 000,062,976 | ---- | C] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:29:59 | 000,076,360 | ---- | C] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/08 12:54:37 | 000,000,818 | ---- | C] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/07/14 07:30:18 | 000,000,021 | ---- | C] () -- C:\Users\Admin\AppData\Local\mc.pixel.data
[2012/07/05 17:39:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\usymmvonoipbtvm
[2012/07/03 11:25:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/03 14:43:38 | 000,000,018 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\sys386ll.dat
[2012/06/03 14:43:02 | 000,000,010 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\hhxprot5
[2012/05/23 11:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Input.xml
[2012/05/23 11:13:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Settings.xml
[2012/05/12 04:49:35 | 000,021,465 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2012/03/05 07:58:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/05 07:58:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/19 06:06:51 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{58F6FC5F-FEC9-418C-8075-0BF341269AC3}
[2011/09/19 06:02:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8736F569-73D5-4898-96B6-B2D8DB928A71}
[2011/09/19 05:23:44 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{DF0A3EEA-4AA8-4A1B-AE05-9F215F5160AB}
[2011/09/14 19:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{02167C78-4221-4EF1-8BED-10488DD27494}
[2011/09/14 19:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F9879DDA-B2A0-4F45-B0B9-1DECC9BB181E}
[2011/09/10 20:13:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{9BAD74EB-684E-4A22-9B27-6CC7C823BED6}
[2011/09/10 20:07:50 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8E78CD8E-D762-426A-9279-909FAF8ECC4E}
[2011/08/29 17:43:10 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{74BFA37D-F269-49F6-B6BC-996C94354BCC}
[2011/08/29 17:37:15 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{81695A4E-F852-44C0-A813-A8231CCF60B9}
[2011/08/23 05:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{15720912-6FCD-42F3-B350-446A6B9CA70E}
[2011/08/22 12:43:31 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{1765520F-AE10-433A-8174-8F45E752081F}
[2011/08/20 21:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F8729B31-FDB2-4FD0-AB4A-B3829AE20972}
[2011/03/28 07:20:54 | 006,220,479 | -H-- | C] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/12/06 01:54:20 | 000,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/12/06 01:52:32 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2010/03/15 05:25:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/13 09:00:20 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/11 10:11:54 | 000,039,125 | ---- | C] () -- C:\Windows\iccsigs.dat
[2010/03/10 11:22:10 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/20 15:52:53 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2010/02/10 14:54:32 | 001,576,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/29 04:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2010/01/29 04:37:13 | 001,371,436 | R--- | C] () -- C:\Windows\SysWow64\VBAR2132.DLL
[2010/01/29 04:33:03 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\scpext.dll
[2009/11/17 17:08:56 | 000,699,183 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.1
[2009/11/17 17:08:50 | 000,699,194 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.JPG
[2009/11/17 17:08:49 | 001,826,773 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.0
[2009/10/22 12:02:55 | 000,007,207 | R--- | C] () -- C:\Windows\Disktool.INI
[2009/10/22 12:02:55 | 000,003,677 | R--- | C] () -- C:\Windows\PlaySnd.INI
[2009/10/10 11:43:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/10/09 09:34:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\CleanFFB.exe
[2009/09/19 12:42:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 12:42:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/19 12:42:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/19 09:20:30 | 000,556,846 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.JPG
[2009/09/19 09:20:01 | 000,005,625 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519_navi.JPG
[2009/09/19 09:19:57 | 000,542,964 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.1
[2009/09/19 09:19:51 | 002,269,594 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.0
[2009/08/12 16:06:19 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Flange Saw
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\Filesystems
[2009/07/26 10:17:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/07/26 10:17:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Frameworks
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Filters
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\External Build System
[2009/07/26 10:12:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/07/26 10:12:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2009/07/07 14:30:19 | 000,170,087 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/07 08:10:20 | 000,146,214 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/07/07 08:10:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/07/07 02:57:24 | 000,053,760 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 12:05:28 | 000,002,188 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2009/07/06 10:21:59 | 000,153,360 | ---- | C] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/04 22:09:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/02/04 14:46:59 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/02/04 13:52:02 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/02/04 13:52:02 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/01 01:00:00 | 000,016,473 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:07:25 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:37:06 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 07:34:27 | 000,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/11/04 03:19:14 | 000,006,399 | R--- | C] () -- C:\Windows\fwupgrade.ini
========== LOP Check ==========
[2012/11/11 04:10:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012/03/21 07:43:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.spoutcraft
[2009/08/27 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2010/06/23 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BloodTies
[2009/09/15 03:18:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CoSoSys
[2010/07/29 07:21:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/01/11 08:35:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Desktopicon
[2011/08/13 06:39:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\digital publishing
[2010/09/21 07:12:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular
[2012/01/26 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Festo
[2011/12/07 08:57:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FOG Downloader
[2009/08/07 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\funkitron
[2012/01/31 07:33:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gaijin Ent
[2012/08/21 06:38:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2012/01/27 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gogii
[2012/06/03 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Haushaltsbuch 5
[2012/04/12 03:33:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image Zone Express
[2009/07/06 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011/11/15 11:23:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\kikin
[2012/04/05 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\loadtbs
[2009/07/08 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Magic Academy
[2009/12/14 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MastersOfMystery2
[2012/08/18 07:00:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012/06/30 06:18:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010/06/01 09:15:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meridian93
[2012/05/22 09:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mkvtoolnix
[2010/03/14 08:26:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\muvee Technologies
[2011/05/25 04:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyHeritage
[2010/06/23 11:11:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nevosoft Games
[2009/07/26 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nikon
[2011/11/15 06:03:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2011/11/15 06:03:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010/05/08 14:14:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Peace Craft
[2012/05/12 04:49:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PoBros
[2009/08/01 04:53:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Printer Info Cache
[2011/02/05 03:52:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2010/06/19 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Settlement. Colossus
[2012/05/10 07:30:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SKAT
[2010/08/28 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2011/12/18 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPORE
[2010/08/28 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teleca
[2012/02/23 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2010/12/06 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/05/21 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012/07/30 09:28:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tunngle
[2010/11/15 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Turbine
[2012/11/06 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2010/05/20 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\V-Games
[2010/05/19 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VampireSaga
[2012/06/08 08:11:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WildTangent
[2009/07/07 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2010/07/31 11:47:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Alawar Stargaze
[2012/01/27 11:15:03 | 000,000,000 | ---D | M] -- C:\ProgramData\AlawarWrapper
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/12 03:25:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2011/04/08 05:38:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/01/20 11:46:19 | 000,000,000 | ---D | M] -- C:\ProgramData\BewerbungsMaster
[2011/10/29 02:56:29 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/08/28 11:57:46 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/07/29 14:35:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Deadtime Stories
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2012/02/13 13:13:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2
[2011/12/07 09:12:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2 DKS
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/15 08:45:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2011/09/06 10:46:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011/06/07 08:02:20 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/07/26 05:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/09/21 06:42:14 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2009/07/10 04:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\EscapeTheMuseum
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/01/26 15:16:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Festo
[2012/08/08 16:39:45 | 000,000,000 | ---D | M] -- C:\ProgramData\firebird
[2011/06/01 07:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2010/05/21 10:56:59 | 000,000,000 | ---D | M] -- C:\ProgramData\GAMEON
[2012/08/20 07:40:24 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2010/02/20 16:04:23 | 000,000,000 | ---D | M] -- C:\ProgramData\HipSoft
[2012/03/28 11:29:57 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2010/07/27 15:27:52 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2012/11/15 04:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\juesofuqzenvnac
[2010/03/27 06:54:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Kingdom
[2010/03/26 14:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Kristanix Games
[2010/06/01 09:15:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2011/12/30 15:45:18 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2010/03/14 07:23:56 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2011/05/25 04:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MyHeritage
[2012/10/25 08:01:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager
[2009/09/06 10:15:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Newsoft
[2009/07/26 10:16:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2010/05/08 14:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Media
[2009/02/04 14:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/02/04 14:36:55 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2010/11/09 15:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PoBros
[2012/03/28 11:19:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2009/09/08 07:48:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/01/08 11:34:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/10/23 11:35:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/07/14 07:34:33 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2012/08/06 11:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2010/10/15 08:46:13 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/06/08 08:11:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/07/26 17:36:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer
[2011/10/28 12:48:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
[2012/10/25 08:01:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/25 08:00:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/11/15 05:18:55 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/15 06:46:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Admin-Scheduled.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/07/27 09:11:06 | 000,045,041 | ---- | M] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
[2012/07/27 09:11:06 | 000,045,041 | ---- | C] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
========== Alternate Data Streams ==========
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9CB2B6C5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:794BB94F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:9C5E2795
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:204BEE0F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:940ECC98
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:687D1056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D93DCF15
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5425B7F5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D44D0CA3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11/15/2012 1:04:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.33 Gb Total Space | 211.08 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 325.13 Gb Free Space | 54.54% Space Free | Partition Type: NTFS
Drive J: | 13.84 Gb Total Space | 1.95 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Online Services\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Online Services\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = EE C5 D6 81 58 39 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Mediencenter Software" = Mediencenter Assistent
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
"SearchAnonymizer" = SearchAnonymizer
"Toolbar3 x64_is1" = Toolbar 3.0 der Telekom x64
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Mediencenter Software" = Mediencenter Assistent
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
"SearchAnonymizer" = SearchAnonymizer
"Toolbar3 x64_is1" = Toolbar 3.0 der Telekom x64
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = aTube Toolbar Updater
"32 Vegas Casino" = 21Nova Casino
"Casino King" = Casino King
"EuroGrand Casino" = EuroGrand Casino
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Noble Casino" = Noble Casino
"Swiss Casino" = Swiss Casino
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"William Hill CASINO CLUB" = William Hill CASINO CLUB
< End of report >
Geändert von Krake (15.11.2012 um 14:08 Uhr) |
|
15.11.2012, 14:59
| #2 |
| /// Malwareteam    | Cyer police Sperre Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: Fix mit OTLPE
Starte nun den Rechner im normalen Modus. Melde dich, falls dies nicht funktioniert! Schritt 2: defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung. Schritt 3: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 4: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 5: OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ |
|
15.11.2012, 16:40
| #3 |
| | Cyer police Sperre Ich komme nicht auf das Laufgwerk des Sticks um die TXT Datei zu laden
__________________folgende funktioniert: Speichere die Datei als fix.txt auf einem USB-Stick. Am infizierten Rechner, schließe den USB-Stick an, boote OTLPEN. Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen. Mache einen Doppelklick auf das OTLPE Icon. Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK. OTLpe sollte nun starten. Klicke nun bitte auf den Fix Button. Lade die fix.txt von deinem Stick. Ein Text lädt sich im OTLpefenster und dann geht nix mehr. Ich habe den Ablauf mehrfach versucht. Jedesmal hängt sich der PC auf. Er reagiert nicht und daher kann ich den Fix Button kein 2.te mal aktivieren. Was ist nun zu tun?? Ein OTL Text ist hier:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/15/2012 7:03:00 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.33 Gb Total Space | 211.11 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 325.13 Gb Free Space | 54.54% Space Free | Partition Type: NTFS
Drive J: | 13.84 Gb Total Space | 1.95 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/07/20 07:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011/11/23 07:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/12 08:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/27 12:46:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 14:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/09 13:26:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/19 11:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/06/07 12:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/15 06:03:00 | 000,040,960 | ---- | M] () [Auto] -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/29 08:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/01 04:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 04:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 04:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 04:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/04/22 15:53:22 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 15:53:22 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 11:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/03/26 15:15:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/08 11:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/11/23 21:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/25 11:04:46 | 000,384,616 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/09/16 10:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/08/28 14:21:28 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/05/15 08:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010/03/15 03:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010/03/15 03:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010/03/15 03:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2010/03/15 03:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010/03/15 03:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2009/10/20 11:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 01:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/04/06 02:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 02:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/19 13:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008/11/04 18:34:10 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/10/21 02:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 02:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 02:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 02:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 02:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 02:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 02:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/07/07 07:13:28 | 000,587,264 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630.sys -- (SPC630)
DRV:64bit: - [2008/07/07 07:13:28 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630m.sys -- (SPC630m)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2012/11/15 03:19:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/15 03:19:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 03:32:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 11:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/07 21:35:01] [Kernel | Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\Admin_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?AF=109867&babsrc=HP_ss&mntrId=52af82fa00000000000000248c6cb188"
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\19\NP_wtapp.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Admin\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/01 06:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/11/15 12:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/06 16:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
[2011/10/28 12:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/10/25 11:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions
[2012/08/21 04:30:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/24 00:57:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/21 12:13:05 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011/10/28 12:47:54 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/18 13:54:51 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012/08/22 03:48:56 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2012/08/21 12:13:04 | 000,000,000 | ---D | M] (PHPNukeDE Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2012/09/07 15:58:06 | 000,000,000 | ---D | M] (DieStaemme Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}
[2010/02/10 04:41:02 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/10/05 06:47:18 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/10/07 11:30:46 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\crossriderapp2258@crossrider.com
[2011/08/13 06:38:51 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\dplauncher@digitalpublishing.de
[2012/10/25 11:22:50 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\inboxcomtoolbar@inbox.com
[2012/01/08 11:34:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\plugin@yontoo.com
[2012/10/07 11:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode
[2012/10/11 05:16:31 | 000,000,911 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\11-suche.xml
[2012/08/15 11:50:21 | 000,002,331 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\askcom.xml
[2011/11/15 06:03:04 | 000,001,123 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\conduit.xml
[2012/10/11 05:16:32 | 000,002,273 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\englische-ergebnisse.xml
[2012/08/27 05:16:27 | 000,004,400 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\faroo.xml
[2012/10/11 05:16:31 | 000,010,563 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\gmx-suche.xml
[2012/10/11 05:16:32 | 000,002,432 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\lastminute.xml
[2012/01/19 08:23:26 | 000,002,203 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\MyStart Search.xml
[2011/11/15 06:03:04 | 000,002,663 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\safesearch.xml
[2011/10/28 12:47:51 | 000,002,520 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\SearchResults.xml
[2012/10/11 05:16:31 | 000,005,545 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\webde-suche.xml
[2011/11/15 06:03:04 | 000,001,870 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\{8B4E0C9C-0D8A-4061-9A93-9D08C93ED5DE}.xml
[2011/11/15 06:03:04 | 000,002,188 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\{8D8026EB-AF30-45F6-9394-2A01ECE703F3}.xml
[2011/11/15 06:03:04 | 000,002,077 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\{B9BC2AD6-A6CD-4421-B991-2390436E934C}.xml
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA9QJA59.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA9QJA59.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA9QJA59.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/10/27 12:46:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/16 06:43:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/05 07:58:13 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/10/16 06:43:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/16 06:43:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/16 06:43:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/28 12:47:51 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/10/16 06:43:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/16 06:43:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\Admin_ON_C..\Run: [Facebook Update] C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Admin_ON_C..\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe ()
O4 - HKU\Admin_ON_C..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe (Symantec Corporation)
O4 - HKU\Admin_ON_C..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\AppData\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15:64bit: - Admin_ON_C\..Trusted Domains: //@surf.mar@/ ([]money in Lokales Intranet)
O15:64bit: - Admin_ON_C\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15:64bit: - UpdatusUser_ON_C\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Cabo.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Cabo.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{46081905-fd58-11e0-87d6-00248c6cb188}\Shell - "" = AutoRun
O33 - MountPoints2\{46081905-fd58-11e0-87d6-00248c6cb188}\Shell\AutoRun\command - "" = M:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/11/15 13:26:49 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012/11/15 13:26:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/15 04:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\juesofuqzenvnac
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/10 07:39:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/11/10 07:39:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/11/10 07:39:32 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/11/10 07:39:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/11/10 07:39:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/11/10 07:39:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/11/10 07:39:31 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/11/10 07:39:30 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/11/10 07:39:27 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/11/10 07:39:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/11/10 07:39:26 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/11/10 07:39:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/11/10 07:39:25 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/11/10 07:39:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/11/10 07:39:18 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/11/10 07:39:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/11/10 07:39:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/11/10 07:39:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/11/10 07:39:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/11/10 07:39:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/11/10 07:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/11/10 07:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/09 03:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/09 03:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 18:05:59 | 000,000,000 | ---D | C] -- D:\UseNeXT
[2012/11/06 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2012/10/29 08:00:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012/10/27 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012/10/25 08:00:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/24 21:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 11:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/19 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/15 12:36:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 12:36:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 12:36:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 12:36:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 12:35:48 | 000,685,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/15 12:35:48 | 000,643,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/15 12:35:48 | 000,150,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/15 12:35:48 | 000,123,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/15 12:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 12:28:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/15 04:30:02 | 000,076,360 | ---- | M] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/15 04:29:56 | 000,062,976 | ---- | M] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Admin-Scheduled.job
[2012/11/14 04:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/10 07:32:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 12:55:22 | 000,000,818 | ---- | M] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/11/06 18:05:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/10/25 08:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/24 21:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 15:53:26 | 952,709,964 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/23 11:35:27 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\Cache.db
[2012/10/23 11:12:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/15 04:30:01 | 000,062,976 | ---- | C] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:29:59 | 000,076,360 | ---- | C] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/08 12:54:37 | 000,000,818 | ---- | C] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/07/14 07:30:18 | 000,000,021 | ---- | C] () -- C:\Users\Admin\AppData\Local\mc.pixel.data
[2012/07/05 17:39:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\usymmvonoipbtvm
[2012/07/03 11:25:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/03 14:43:38 | 000,000,018 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\sys386ll.dat
[2012/06/03 14:43:02 | 000,000,010 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\hhxprot5
[2012/05/23 11:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Input.xml
[2012/05/23 11:13:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Settings.xml
[2012/05/12 04:49:35 | 000,021,465 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2012/03/05 07:58:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/05 07:58:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/19 06:06:51 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{58F6FC5F-FEC9-418C-8075-0BF341269AC3}
[2011/09/19 06:02:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8736F569-73D5-4898-96B6-B2D8DB928A71}
[2011/09/19 05:23:44 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{DF0A3EEA-4AA8-4A1B-AE05-9F215F5160AB}
[2011/09/14 19:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{02167C78-4221-4EF1-8BED-10488DD27494}
[2011/09/14 19:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F9879DDA-B2A0-4F45-B0B9-1DECC9BB181E}
[2011/09/10 20:13:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{9BAD74EB-684E-4A22-9B27-6CC7C823BED6}
[2011/09/10 20:07:50 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8E78CD8E-D762-426A-9279-909FAF8ECC4E}
[2011/08/29 17:43:10 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{74BFA37D-F269-49F6-B6BC-996C94354BCC}
[2011/08/29 17:37:15 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{81695A4E-F852-44C0-A813-A8231CCF60B9}
[2011/08/23 05:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{15720912-6FCD-42F3-B350-446A6B9CA70E}
[2011/08/22 12:43:31 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{1765520F-AE10-433A-8174-8F45E752081F}
[2011/08/20 21:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F8729B31-FDB2-4FD0-AB4A-B3829AE20972}
[2010/12/06 01:54:20 | 000,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/12/06 01:52:32 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2010/03/15 05:25:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/13 09:00:20 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/11 10:11:54 | 000,039,125 | ---- | C] () -- C:\Windows\iccsigs.dat
[2010/03/10 11:22:10 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/20 15:52:53 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2010/02/10 14:54:32 | 001,576,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/29 04:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2010/01/29 04:37:13 | 001,371,436 | R--- | C] () -- C:\Windows\SysWow64\VBAR2132.DLL
[2010/01/29 04:33:03 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\scpext.dll
[2009/11/17 17:08:56 | 000,699,183 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.1
[2009/11/17 17:08:50 | 000,699,194 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.JPG
[2009/11/17 17:08:49 | 001,826,773 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.0
[2009/10/22 12:02:55 | 000,007,207 | R--- | C] () -- C:\Windows\Disktool.INI
[2009/10/22 12:02:55 | 000,003,677 | R--- | C] () -- C:\Windows\PlaySnd.INI
[2009/10/10 11:43:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/10/09 09:34:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\CleanFFB.exe
[2009/09/19 12:42:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 12:42:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/19 12:42:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/19 09:20:30 | 000,556,846 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.JPG
[2009/09/19 09:20:01 | 000,005,625 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519_navi.JPG
[2009/09/19 09:19:57 | 000,542,964 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.1
[2009/09/19 09:19:51 | 002,269,594 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.0
[2009/08/12 16:06:19 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Flange Saw
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\Filesystems
[2009/07/26 10:17:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/07/26 10:17:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Frameworks
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Filters
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\External Build System
[2009/07/26 10:12:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/07/26 10:12:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2009/07/07 14:30:19 | 000,170,087 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/07 08:10:20 | 000,146,214 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/07/07 08:10:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/07/07 02:57:24 | 000,053,760 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 12:05:28 | 000,002,188 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2009/02/04 22:09:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/02/04 14:46:59 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/02/04 13:52:02 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/02/04 13:52:02 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/01 01:00:00 | 000,016,473 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/11/04 03:19:14 | 000,006,399 | R--- | C] () -- C:\Windows\fwupgrade.ini
========== LOP Check ==========
[2012/11/11 04:10:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012/03/21 07:43:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.spoutcraft
[2009/08/27 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2010/06/23 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BloodTies
[2009/09/15 03:18:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CoSoSys
[2010/07/29 07:21:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/01/11 08:35:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Desktopicon
[2011/08/13 06:39:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\digital publishing
[2010/09/21 07:12:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular
[2012/01/26 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Festo
[2011/12/07 08:57:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FOG Downloader
[2009/08/07 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\funkitron
[2012/01/31 07:33:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gaijin Ent
[2012/08/21 06:38:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2012/01/27 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gogii
[2012/06/03 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Haushaltsbuch 5
[2012/04/12 03:33:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image Zone Express
[2009/07/06 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011/11/15 11:23:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\kikin
[2012/04/05 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\loadtbs
[2009/07/08 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Magic Academy
[2009/12/14 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MastersOfMystery2
[2012/08/18 07:00:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012/06/30 06:18:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010/06/01 09:15:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meridian93
[2012/05/22 09:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mkvtoolnix
[2010/03/14 08:26:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\muvee Technologies
[2011/05/25 04:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyHeritage
[2010/06/23 11:11:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nevosoft Games
[2009/07/26 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nikon
[2011/11/15 06:03:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2011/11/15 06:03:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010/05/08 14:14:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Peace Craft
[2012/05/12 04:49:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PoBros
[2009/08/01 04:53:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Printer Info Cache
[2011/02/05 03:52:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2010/06/19 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Settlement. Colossus
[2012/05/10 07:30:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SKAT
[2010/08/28 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2011/12/18 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPORE
[2010/08/28 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teleca
[2012/02/23 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2010/12/06 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/05/21 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012/07/30 09:28:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tunngle
[2010/11/15 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Turbine
[2012/11/06 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2010/05/20 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\V-Games
[2010/05/19 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VampireSaga
[2012/06/08 08:11:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WildTangent
[2009/07/07 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2010/07/31 11:47:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Alawar Stargaze
[2012/01/27 11:15:03 | 000,000,000 | ---D | M] -- C:\ProgramData\AlawarWrapper
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/12 03:25:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2011/04/08 05:38:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/01/20 11:46:19 | 000,000,000 | ---D | M] -- C:\ProgramData\BewerbungsMaster
[2011/10/29 02:56:29 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/08/28 11:57:46 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/07/29 14:35:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Deadtime Stories
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2012/02/13 13:13:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2
[2011/12/07 09:12:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2 DKS
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/15 08:45:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2011/09/06 10:46:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011/06/07 08:02:20 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/07/26 05:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/09/21 06:42:14 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2009/07/10 04:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\EscapeTheMuseum
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/01/26 15:16:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Festo
[2012/08/08 16:39:45 | 000,000,000 | ---D | M] -- C:\ProgramData\firebird
[2011/06/01 07:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2010/05/21 10:56:59 | 000,000,000 | ---D | M] -- C:\ProgramData\GAMEON
[2012/08/20 07:40:24 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2010/02/20 16:04:23 | 000,000,000 | ---D | M] -- C:\ProgramData\HipSoft
[2012/03/28 11:29:57 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2010/07/27 15:27:52 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2012/11/15 04:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\juesofuqzenvnac
[2010/03/27 06:54:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Kingdom
[2010/03/26 14:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Kristanix Games
[2010/06/01 09:15:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2011/12/30 15:45:18 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2010/03/14 07:23:56 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2011/05/25 04:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MyHeritage
[2012/10/25 08:01:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager
[2009/09/06 10:15:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Newsoft
[2009/07/26 10:16:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2010/05/08 14:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Media
[2009/02/04 14:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/02/04 14:36:55 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2010/11/09 15:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PoBros
[2012/03/28 11:19:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2009/09/08 07:48:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/01/08 11:34:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/10/23 11:35:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/07/14 07:34:33 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2012/08/06 11:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2010/10/15 08:46:13 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/06/08 08:11:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/07/26 17:36:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer
[2011/10/28 12:48:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
[2012/10/25 08:01:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/25 08:00:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/11/15 12:36:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/15 12:36:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Admin-Scheduled.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/07/27 09:11:06 | 000,045,041 | ---- | M] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
[2012/07/27 09:11:06 | 000,045,041 | ---- | C] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
========== Alternate Data Streams ==========
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9CB2B6C5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:794BB94F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:9C5E2795
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:204BEE0F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:940ECC98
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:687D1056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D93DCF15
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5425B7F5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D44D0CA3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
Geändert von Krake (15.11.2012 um 17:12 Uhr) |
|
16.11.2012, 09:47
| #4 |
| /// Malwareteam | Cyer police Sperre Versuche, den Fix auf die lokale Festplatte zu kopieren. Starte dann mit OTLPE und lade den Fix von der Festplatte!
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
16.11.2012, 12:12
| #5 |
| | Cyer police Sperre Hab den Fix von der Festplatte geladen und den PC im normalen Modus gestartet. Er ist hochgefahren und zeigt nun wieder den Police Cyer Bildschirm. |
|
16.11.2012, 12:20
| #6 |
| /// Malwareteam | Cyer police Sperre Der will es aber genau wissen... FRST 64 Downloade dir bitte Farbar's Recovery Scan Tool x64 und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
__________________ --> Cyer police Sperre |
|
16.11.2012, 22:40
| #7 |
| | Cyer police Sperre Danke hat funktioniert. Hier der FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012 Ran by SYSTEM at 16-11-2012 22:32:36 Running from K:\ Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x] HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [x] HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [182808 2008-11-03] (Intel Corporation) HKLM\...\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-11-15] (OCS) HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft) HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-03] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Nikon Transfer Monitor] "C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [479232 2009-09-15] (Nikon Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask) HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-06-03] (Garmin) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-15] (LogMeIn Inc.) HKU\Admin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\Admin\...\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe /S [279912 2009-09-14] (Symantec Corporation) HKU\Admin\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433872 2011-10-21] (Sony Ericsson) HKU\Admin\...\Run: [Facebook Update] "C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.) HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-19] (Google Inc.) HKU\Admin\...\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe [62976 2012-11-15] () HKU\Admin\...\Policies\system: [LogonHoursAction] 2 HKU\Admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-12-01] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-12-01] (Hewlett-Packard) HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-12-01] (Hewlett-Packard) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Default\Start Menu\Programs\Startup\Meine Dienste.lnk ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG) Startup: C:\Users\Default User\Start Menu\Programs\Startup\Meine Dienste.lnk ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG) ==================== Services (Whitelisted) =================== 2 FirebirdGuardianDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance [98304 2010-09-17] (Firebird Project) 3 FirebirdServerDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance [3735552 2010-09-17] (Firebird Project) 2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG) 2 Netzmanager Service; "C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe" [2635776 2012-07-20] (Deutsche Telekom AG) 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation) 2 SearchAnonymizer; "C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" [40960 2011-11-15] () 3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software) 3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-19] (Tunngle.net GmbH) 2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2009-04-22] () 2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116104 2009-04-22] () ==================== Drivers (Whitelisted) ===================== 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation) 1 cbfs3; C:\Windows\System32\Drivers\cbfs3.sys [318152 2010-05-15] (EldoS Corporation) 1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121114.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\ENG64.SYS [126112 2012-11-15] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\EX64.SYS [2084000 2012-11-15] (Symantec Corporation) 3 phaudlwr; C:\Windows\System32\Drivers\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies) 3 s0017bus; C:\Windows\System32\Drivers\s0017bus.sys [113704 2008-10-20] (MCCI Corporation) 3 s0017mdfl; C:\Windows\System32\Drivers\s0017mdfl.sys [19496 2008-10-20] (MCCI Corporation) 3 s0017mdm; C:\Windows\System32\Drivers\s0017mdm.sys [152616 2008-10-20] (MCCI Corporation) 3 s0017mgmt; C:\Windows\System32\Drivers\s0017mgmt.sys [133160 2008-10-20] (MCCI Corporation) 3 s0017nd5; C:\Windows\System32\Drivers\s0017nd5.sys [34856 2008-10-20] (MCCI Corporation) 3 s0017obex; C:\Windows\System32\Drivers\s0017obex.sys [128552 2008-10-20] (MCCI Corporation) 3 s0017unic; C:\Windows\System32\Drivers\s0017unic.sys [145960 2008-10-20] (MCCI Corporation) 3 s1039bus; C:\Windows\System32\Drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) 3 s1039mdfl; C:\Windows\System32\Drivers\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) 3 s1039mdm; C:\Windows\System32\Drivers\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) 3 s1039mgmt; C:\Windows\System32\Drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) 3 s1039nd5; C:\Windows\System32\Drivers\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) 3 s1039obex; C:\Windows\System32\Drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) 3 s1039unic; C:\Windows\System32\Drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) 3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2010-08-28] (Sony Ericsson Mobile Communications) 3 SPC630; C:\Windows\System32\Drivers\SPC630.sys [587264 2008-07-07] ( ) 3 SPC630m; C:\Windows\System32\Drivers\SPC630m.sys [8192 2008-07-07] ( ) 1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NISx64\1309000.009\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1309000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-26] (Symantec Corporation) 1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation) 1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS [445560 2012-04-17] (Symantec Corporation) 3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net) 3 TelekomNM6; \??\C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) 2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.) 3 cpuz132; \??\C:\Users\Admin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x] 3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [x] 3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x] 3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x] 3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-11-16 22:32 - 2012-11-16 22:32 - 00000000 ____D C:\FRST 2012-11-16 02:16 - 2012-11-16 02:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2012-11-15 09:58 - 2012-11-16 08:09 - 00036312 ____A C:\Extras.Txt 2012-11-15 09:22 - 2012-11-16 08:09 - 00161400 ____A C:\OTL.Txt 2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\juesofuqzenvnac 2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\Application Data\juesofuqzenvnac 2012-11-15 01:30 - 2012-11-15 01:29 - 00062976 ____A C:\Users\All Users\gzkmgyck.exe 2012-11-15 01:30 - 2012-11-15 01:29 - 00062976 ____A C:\Users\All Users\Application Data\gzkmgyck.exe 2012-11-15 01:29 - 2012-11-15 01:30 - 00076360 ____A C:\Users\All Users\egabnywdhryaovg 2012-11-15 01:29 - 2012-11-15 01:30 - 00076360 ____A C:\Users\All Users\Application Data\egabnywdhryaovg 2012-11-15 01:29 - 2012-11-15 01:29 - 00062976 ____A C:\Users\Admin\0.279950476258064.exe 2012-11-10 04:39 - 2010-02-04 01:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll 2012-11-10 04:39 - 2010-02-04 01:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2012-11-10 04:39 - 2009-09-04 08:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll 2012-11-10 04:39 - 2009-09-04 08:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2012-11-10 04:39 - 2009-09-04 08:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll 2012-11-10 04:39 - 2009-09-04 08:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll 2012-11-10 04:39 - 2009-09-04 08:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll 2012-11-10 04:39 - 2009-09-04 08:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2012-11-10 04:39 - 2009-09-04 08:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll 2012-11-10 04:39 - 2009-09-04 08:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll 2012-11-10 04:39 - 2009-09-04 08:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll 2012-11-10 04:39 - 2009-09-04 08:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll 2012-11-10 04:39 - 2008-10-27 01:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2012-11-10 04:39 - 2008-07-31 01:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2012-11-10 04:39 - 2008-07-31 01:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll 2012-11-10 04:39 - 2008-07-31 01:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll 2012-11-10 04:39 - 2008-07-31 01:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2012-11-10 04:39 - 2008-07-31 01:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll 2012-11-10 04:39 - 2008-07-31 01:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2012-11-10 04:32 - 2012-11-10 04:37 - 00001961 ____A C:\Users\Public\Desktop\Oblivion.lnk 2012-11-10 04:32 - 2012-11-10 04:37 - 00001961 ____A C:\Users\All Users\Desktop\Oblivion.lnk 2012-11-10 04:32 - 2012-11-10 04:32 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks 2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer 2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Apple Computer 2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2012-11-08 09:54 - 2012-11-08 09:55 - 00000818 ____A C:\Users\Admin\Desktop\Probenplan November.lnk 2012-11-06 15:05 - 2012-11-06 15:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\UseNeXT 2012-11-06 15:05 - 2012-11-06 15:05 - 02927968 ____A (Tangysoft Ltd. ) C:\Users\Admin\Downloads\UseNeXT_freetrial_416123w.exe 2012-11-06 15:05 - 2012-11-06 15:05 - 00000000 ____D C:\Program Files (x86)\UseNeXT 2012-10-29 05:00 - 2012-10-29 05:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Chromium 2012-10-27 09:46 - 2012-10-27 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-10-27 03:05 - 2012-10-27 03:06 - 40166821 ____A C:\Users\Admin\Downloads\64px 4.6.1 [mc1.4.2] HD MK WORKING.zip 2012-10-27 03:05 - 2012-10-27 03:06 - 39146373 ____A C:\Users\Admin\Downloads\64px [mc1.4.2] MK ANTIK 2.3.zip 2012-10-25 10:44 - 2012-10-25 10:46 - 50570531 ____A C:\Users\Admin\Downloads\Misa431.zip 2012-10-25 06:54 - 2012-10-25 06:55 - 49769524 ____A C:\Users\Admin\Downloads\Misa430.zip 2012-10-25 06:53 - 2012-10-25 06:53 - 01689625 ____A C:\Users\Admin\Downloads\mcpatcher-2.4.3_02.exe 2012-10-25 05:01 - 2012-10-25 05:01 - 00000000 ____D C:\Program Files\Netzmanager 2012-10-25 05:00 - 2012-10-25 05:01 - 00000000 __HDC C:\Users\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2012-10-25 05:00 - 2012-10-25 05:01 - 00000000 __HDC C:\Users\All Users\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2012-10-24 18:12 - 2012-10-24 18:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx 2012-10-24 18:12 - 2012-10-24 18:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts 2012-10-23 12:53 - 2012-10-23 12:53 - 00365400 ____A C:\Windows\Minidump\Mini102312-04.dmp 2012-10-23 06:29 - 2012-10-23 06:29 - 00620328 ____A C:\Windows\Minidump\Mini102312-03.dmp 2012-10-23 05:06 - 2012-10-23 05:06 - 00489048 ____A C:\Windows\Minidump\Mini102312-02.dmp 2012-10-23 02:15 - 2012-10-23 02:15 - 00569152 ____A C:\Windows\Minidump\Mini102312-01.dmp 2012-10-19 10:23 - 2012-11-11 01:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft ==================== One Month Modified Files and Folders ======= 2012-11-16 08:09 - 2012-11-15 09:58 - 00036312 ____A C:\Extras.Txt 2012-11-16 08:09 - 2012-11-15 09:22 - 00161400 ____A C:\OTL.Txt 2012-11-16 02:41 - 2010-05-29 01:20 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job 2012-11-16 02:39 - 2012-03-01 07:08 - 00000000 ____D C:\Users\Admin\AppData\Local\LogMeIn Hamachi 2012-11-16 02:39 - 2010-02-05 07:24 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-16 02:39 - 2009-02-04 11:12 - 00000000 ____D C:\Users\All Users\NVIDIA 2012-11-16 02:39 - 2009-02-04 11:12 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA 2012-11-16 02:39 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-16 02:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-16 02:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-16 02:16 - 2012-11-16 02:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2012-11-15 09:36 - 2009-03-28 12:49 - 01842945 ____A C:\Windows\WindowsUpdate.log 2012-11-15 09:36 - 2006-11-02 07:42 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-11-15 09:35 - 2010-02-05 07:24 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-15 09:35 - 2009-02-04 18:46 - 00685402 ____A C:\Windows\System32\perfh007.dat 2012-11-15 09:35 - 2009-02-04 18:46 - 00150366 ____A C:\Windows\System32\perfc007.dat 2012-11-15 09:35 - 2006-11-02 04:46 - 01597552 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-15 09:18 - 2009-07-06 07:13 - 00000000 ____D C:\users\Admin 2012-11-15 02:57 - 2012-07-17 13:52 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job 2012-11-15 02:03 - 2012-01-07 04:15 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job 2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\juesofuqzenvnac 2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\Application Data\juesofuqzenvnac 2012-11-15 01:30 - 2012-11-15 01:29 - 00076360 ____A C:\Users\All Users\egabnywdhryaovg 2012-11-15 01:30 - 2012-11-15 01:29 - 00076360 ____A C:\Users\All Users\Application Data\egabnywdhryaovg 2012-11-15 01:29 - 2012-11-15 01:30 - 00062976 ____A C:\Users\All Users\gzkmgyck.exe 2012-11-15 01:29 - 2012-11-15 01:30 - 00062976 ____A C:\Users\All Users\Application Data\gzkmgyck.exe 2012-11-15 01:29 - 2012-11-15 01:29 - 00062976 ____A C:\Users\Admin\0.279950476258064.exe 2012-11-15 01:26 - 2012-04-28 02:04 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-14 12:22 - 2011-05-07 12:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HpUpdate 2012-11-14 11:00 - 2011-07-27 00:48 - 00000482 ____A C:\Windows\Tasks\WinMaximizer-Admin-Scheduled.job 2012-11-12 13:08 - 2009-10-19 15:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype 2012-11-11 14:57 - 2012-07-17 13:52 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job 2012-11-11 08:52 - 2009-09-01 04:38 - 00000000 ____D C:\Users\Admin\Documents\Meine Scans 2012-11-11 01:10 - 2012-10-19 10:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft 2012-11-11 00:34 - 2008-01-20 19:26 - 00113234 ____A C:\Windows\PFRO.log 2012-11-10 04:39 - 2009-10-10 08:32 - 00410885 ____A C:\Windows\Directx.log 2012-11-10 04:37 - 2012-11-10 04:32 - 00001961 ____A C:\Users\Public\Desktop\Oblivion.lnk 2012-11-10 04:37 - 2012-11-10 04:32 - 00001961 ____A C:\Users\All Users\Desktop\Oblivion.lnk 2012-11-10 04:32 - 2012-11-10 04:32 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks 2012-11-10 04:25 - 2012-09-30 09:03 - 00000000 ____D C:\Neuer Ordner 2012-11-09 04:11 - 2009-07-10 03:11 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer 2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Apple Computer 2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime 2012-11-08 09:55 - 2012-11-08 09:54 - 00000818 ____A C:\Users\Admin\Desktop\Probenplan November.lnk 2012-11-07 13:19 - 2010-05-11 00:51 - 00000000 ___SD C:\Users\Admin\Documents\Eigene Datenquellen 2012-11-07 12:04 - 2006-11-02 07:27 - 00246403 ____A C:\Windows\setupact.log 2012-11-06 15:57 - 2012-11-06 15:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\UseNeXT 2012-11-06 15:05 - 2012-11-06 15:05 - 02927968 ____A (Tangysoft Ltd. ) C:\Users\Admin\Downloads\UseNeXT_freetrial_416123w.exe 2012-11-06 15:05 - 2012-11-06 15:05 - 00000000 ____D C:\Program Files (x86)\UseNeXT 2012-10-29 05:00 - 2012-10-29 05:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Chromium 2012-10-29 04:58 - 2010-11-09 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\Turbine 2012-10-28 00:31 - 2012-05-03 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-10-27 09:46 - 2012-10-27 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-10-27 03:06 - 2012-10-27 03:05 - 40166821 ____A C:\Users\Admin\Downloads\64px 4.6.1 [mc1.4.2] HD MK WORKING.zip 2012-10-27 03:06 - 2012-10-27 03:05 - 39146373 ____A C:\Users\Admin\Downloads\64px [mc1.4.2] MK ANTIK 2.3.zip 2012-10-25 10:46 - 2012-10-25 10:44 - 50570531 ____A C:\Users\Admin\Downloads\Misa431.zip 2012-10-25 06:55 - 2012-10-25 06:54 - 49769524 ____A C:\Users\Admin\Downloads\Misa430.zip 2012-10-25 06:53 - 2012-10-25 06:53 - 01689625 ____A C:\Users\Admin\Downloads\mcpatcher-2.4.3_02.exe 2012-10-25 05:01 - 2012-10-25 05:01 - 00000000 ____D C:\Program Files\Netzmanager 2012-10-25 05:01 - 2012-10-25 05:00 - 00000000 __HDC C:\Users\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2012-10-25 05:01 - 2012-10-25 05:00 - 00000000 __HDC C:\Users\All Users\{87B61FE8-334F-4066-B7AA-68DC81782D4D} 2012-10-25 05:01 - 2012-07-10 11:02 - 00000916 ____A C:\Users\Public\Desktop\Netzmanager.lnk 2012-10-25 05:01 - 2012-07-10 11:02 - 00000916 ____A C:\Users\All Users\Desktop\Netzmanager.lnk 2012-10-25 05:01 - 2012-07-10 11:02 - 00000000 ____D C:\Users\All Users\Netzmanager 2012-10-25 05:01 - 2012-07-10 11:02 - 00000000 ____D C:\Users\All Users\Application Data\Netzmanager 2012-10-25 05:00 - 2012-07-10 11:02 - 00000000 __HDC C:\Users\All Users\Application Data\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354} 2012-10-25 05:00 - 2012-07-10 11:02 - 00000000 __HDC C:\Users\All Users\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354} 2012-10-24 18:12 - 2012-10-24 18:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx 2012-10-24 18:12 - 2012-10-24 18:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts 2012-10-23 13:01 - 2009-10-09 07:06 - 00000000 ____D C:\Windows\uninstall 2012-10-23 12:53 - 2012-10-23 12:53 - 00365400 ____A C:\Windows\Minidump\Mini102312-04.dmp 2012-10-23 12:53 - 2012-08-10 11:25 - 952709964 ____A C:\Windows\MEMORY.DMP 2012-10-23 12:53 - 2012-08-10 11:25 - 00000000 ____D C:\Windows\Minidump 2012-10-23 08:35 - 2011-05-04 10:33 - 00003072 ____A C:\Windows\SysWOW64\Cache.db 2012-10-23 07:08 - 2011-07-25 09:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2012-10-23 07:08 - 2010-11-18 09:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2012-10-23 06:29 - 2012-10-23 06:29 - 00620328 ____A C:\Windows\Minidump\Mini102312-03.dmp 2012-10-23 05:06 - 2012-10-23 05:06 - 00489048 ____A C:\Windows\Minidump\Mini102312-02.dmp 2012-10-23 02:15 - 2012-10-23 02:15 - 00569152 ____A C:\Windows\Minidump\Mini102312-01.dmp 2012-10-20 13:42 - 2009-07-06 09:05 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-10-23 08:37:44 Restore point made on: 2012-10-24 06:21:03 Restore point made on: 2012-10-27 14:50:51 Restore point made on: 2012-10-29 15:29:13 Restore point made on: 2012-10-30 13:11:54 Restore point made on: 2012-11-01 02:12:29 Restore point made on: 2012-11-02 01:45:36 Restore point made on: 2012-11-06 09:16:01 Restore point made on: 2012-11-10 04:23:52 Restore point made on: 2012-11-10 04:31:59 Restore point made on: 2012-11-10 04:38:09 Restore point made on: 2012-11-10 04:42:30 Restore point made on: 2012-11-11 03:32:51 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 6142.33 MB Available physical RAM: 5274.34 MB Total Pagefile: 5714.49 MB Available Pagefile: 5251.96 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:210.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)] 3 Drive e: (Daten) (Fixed) (Total:596.17 GB) (Free:325.13 GB) NTFS 9 Drive k: () (Removable) (Total:14.93 GB) (Free:14.18 GB) FAT32 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Datentr ### Status GrӇe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 596 GB 0 B 1 Online 596 GB 0 B 2 Kein Mediu 0 B 0 B 3 Kein Mediu 0 B 0 B 4 Kein Mediu 0 B 0 B 5 Kein Mediu 0 B 0 B 6 Online 15 GB 0 B Last Boot: 2012-11-15 09:36 ==================== End Of Log ============================= |
|
19.11.2012, 07:30
| #8 |
| /// Malwareteam | Cyer police Sperre Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\Admin\...\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe [62976 2012-11-15] ()
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
2 SearchAnonymizer;
C:\ProgramData\gzkmgyck.exe
C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Users\Admin\0.279950476258064.exe
C:\Users\All Users\Application Data\egabnywdhryaovg
C:\Users\All Users\egabnywdhryaovg
C:\Users\All Users\Application Data\gzkmgyck.exe
C:\Users\All Users\juesofuqzenvnac
C:\Users\All Users\Application Data\juesofuqzenvnac
Startet der Rechner nun wieder?
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
26.11.2012, 08:41
| #9 |
| /// Malwareteam | Cyer police Sperre Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
28.11.2012, 15:24
| #10 |
| /// Malwareteam | Cyer police Sperre Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu Cyer police Sperre |
| babylontoolbar, bandoo, bingbar, heute, incredibar toolbar, install.exe, intranet, mehrfach, morgen, nvidia update, plug-in, police, polizei, polizei trojaner, scan, searchcore, sperre, tarma, troja, trojaner, wildtangent games, winload toolbar, yontoo |
Linear-Darstellung
